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1. Introductions and apologies 


1.1. Apologies were received from Elizabeth Denham 


2. Declaration of interests 


2.1 There were no declarations made 


3. Matters arising from the previous meeting 


3.1 


The minutes of the previous meeting were agreed and there were 
no outstanding actions. 


4. Deputy Chief Executive Officer’s update 


4.1 


4.2 


Paul Arnold provided an update on matters relating to the ICO’s 
work including the recent fines issued to Ticketmaster and British 
Airways, outcomes of the audit reports relating to the main 
political parties and recent investigations, and the subsequent 
report relating to credit reference agencies. He also highlighted 
the recent Global Privacy Assembly conference that was 
successfully organised virtually by the ICO. 


An update was given on the progress of the constitutional review. 


5. Service Excellence Outcomes 


5.1 


5.2 


5.3 


5.4 


Paul Arnold presented the report providing an update to the 
Committee on what has been achieved in line with the service 
excellence objectives. 


It was confirmed that some of the work was put on hold as a 
result of the Coronavirus pandemic at the beginning of the year. 
However, the majority of the objectives have been completed 
including establishing the SME Hub together with the new Public 
Advice Service and merging the operations and policy sides of 
the organisation to establish multi-discipline teams. 


Jane McCall asked whether there is any evidence available on the 
efficiencies and customer satisfaction as a result of the 
realignment. Paul Arnold confirmed that this would be available 
in Q1 of 2021/22, as a workstream relating to customer 
satisfaction is planned for Q4. The KPIs and score cards will be 
included in the business planning for 2021/22. 


It was confirmed that Management Board will be reviewing the 
key performance indicators. 


6. Risk & Opportunity Management 


6.1 


ICO Approach to Risk Management 


Louise Byers presented the paper providing a summary of our 
approach. The paper was produced for the ICO Constitutional 
Review Oversight Board (with DCMS) and has also been 
presented to the Risk & Governance Board. 


6.2 


6.3 


6.4 


6.5 


6.6 


6.7 


6.8 


6.9 


The Risk & Governance Board will provide ongoing assurance to 
the Audit Committee on our risk and governance management. 


Ailsa Beaton commented that the document was very useful, 
outlining the three lines of defence, and showing how risk is 
being considered across the organisation. 


Risk Register - full annual review 


Louise Byers provided an update on the changes that have taken 
place since the papers were circulated as a result of the risks 
being reviewed by the Risk and Governance Board. An updated 
report will be presented to Management Board next week. 


Louise Byers confirmed that updates to the risk appetite, risk 
policy and risk register will be presented at the January meeting, 
with the risk appetite also being presented to Management Board 
in February for agreement. 


A question was asked whether the recent high profile fines will 
have an impact on the reputational risk. Paul Arnold felt that it 
was too soon to know whether there will be an impact. 


Deep Dive - new ways of working, current and in the future 


Paul Arnold introduced Jen Green as the Director of 
Communications who started at the ICO in January and has been 
responsible for the business continuity programme in response to 
coronavirus since March. 


Jen Green provided a presentation showing the work that has 
been carried out by the ICO to allow members of staff to work 
remotely, to provide wellbeing support to staff and confirming 
our flexible approach together with outlining the future of work 
and plans for the ICO. 


Jen Green thanked HR and member of Facilities for their work in 
ensuring that the offices could be opened safely. 


6.10 The Committee discussed the presentation and agreed that the 


proposals outlined in the presentation were very positive. 


7. Annual Report lessons learned 


Fil 


Andrew Hubert presented the report to provide the Committee 
with assurance that the lessons learned will inform the annual 
report cycle for next year. 


7.2 Main lessons related to communications and how documents are 
shared. 


7.3 It was highlighted that the timeline for next year must take into 
consideration the date that the Commissioner would end her 
term, to ensure that the report was completed, signed off and 
laid before her term concluded. 


7.4 The Committee discussed the possibility of a trust statement 
being required relating to fines received for next year’s end of 
year statements and annual report. 


Action: Andrew Hubert to give an update on progress in 
determining whether a trust statement is required to the January 
meeting, with a substantive agenda item confirming the outcome 
of this work at the April meeting. 


8. Finance 


8.1 Andrew Hubert presented the mid-year review of the budget 
highlighting a number of savings made within operating costs 
assuming the anticipated target for the fee income being 
achieved. 


8.2 The work relating to the Companies House campaign and renewal 
reminders was paused at the beginning of the year due to the 
pandemic. This work has now recommenced and it is 
anticipated that we will meet the fee income target for the year. 


8.3 Jane McCall supported the proactive approach in relation to 
fairness in ensuring all who should pay do pay, however 
acknowledged a reputational risk to this approach. 


9. Internal Audit update 


Progress Report 


9.1 Peter Cudlip presented the progress report and confirmed that 
the audits are on track. 


9.2 Internal Reports 


9.3. The recent internal audits have resulted in one substantial assurance, 
two adequate assurance and one limited assurance. It was confirmed 
that some audits have been impacted by COVID-19, especially the HR 
Controls as Mazars were unable to review physical documents held in 
the office. 


9.4 With regard to the business planning audit, Louise Byers 
highlighted that the processes covered within the scope are in 
place however it was hard to evidence the process because of the 
change of direction the ICO took due to the pandemic. 


9.5 It was proposed that the annual internal audit report should 
identify areas where audits have been impacted by COVID-19. 


9.6 Anthony Luhman joined the meeting to discuss the Relationship 
Management Service audit (limited assurance) and answered 
queries from the Committee members. He confirmed that work 
has already started on the recommendations and he is confident 
that the deadlines will be met. 


9.7 The Committee supported an advisory audit for the Business 
Continuity and Disaster Recovery. 


10. Outstanding audit recommendations 


10.1 There is one late action regarding the succession planning. It is 
expected that this action will be completed by January meeting. 


10.2 Ailsa Beaton stressed the importance that all audit 
recommendations scheduled for completion by the end of the 
financial year to be completed on time. 


11. External audit update 


11.1 David Eagles from BDO provided an oral update. The external 
audit plan will come to the January meeting. 


12. Fraud and whistleblowing 


12.1 Ailsa Beaton provided an update on the whistleblowing 
disclosures she had received. 


13. Security Report 


13.1 Louise Byers highlighted the reduction in incidents and provided 
context on the 72 email disclosures against a background of in 
1.4 million emails being sent out during that period. 


13.2 Jane McCall asked for assurance on work being carried out to 
reduce the reporting times. Louise Byers confirmed that 
Managers are being reminded to report incidents immediately 
rather than investigating the disclosure themselves prior to 
reporting. 


13.3 The highest volume is within the Public Advice and Data 
Protection Complaints department and it was confirmed that that 
this was expected, as this was the area of highest volumes. 
There is ongoing training to raise awareness on disclosures within 
this department. 


14. Single Tender Contract Awards 


14.1 The Committee noted the procurement awarded. 


15. Any Other Business 


15.1 Ailsa Beaton confirmed that a discussion would be taking place 
after the meeting to discuss the procurement of the internal audit 
contract. 


